Secure transfer of information over a network has been a vital concern since the inception of networked computing. The problem of transferring confidential information from one point to another across an untrusted network has been a fundamental problem of disturbed computing. Various schemes, most involving encryption of some sort have been devised to circumvent this problem. Typically, data to be securely transmitted between one computer and a remote computer is encrypted before transmission to the remote computer using an encryption algorithm, such as public key encryption. Additionally, it is common for a message authentication code to be generated for the data so that a remote computer can confirm the data received and unencrypted is correct.
However, while the data might be secure during the actual transmission of the data between the two computers, any software-to-software solution has a fundamental weakness; the human-to-computer interface. Regardless of how secure the endpoint or remote computer is; regardless of the strength of the encryption algorithm; the sensitive information must somehow be transferred on to the computer before it can be transported across the network.
This weakness can be exploited by looking for sensitive information when a user types the sensitive information into an application, such as when a user fills out a form on a web page while using a web browser. Viral programs can monitor keyboard inputs made to a web browser or other application, attempting to collect sensitive information like a user's credit card number and related information.
Additionally, viral programs can also monitor data passed out of applications that the viral program suspects may contain sensitive information. For example, even if a viral program does not collect information a user inputs into an application, for example the user's sensitive information is gathered by the application itself, the viral program can collect information at it is passed out of the application. If the application is a web browser, the viral program could collect http requests made by the web browser, before the data is encrypted in the hopes of obtaining sensitive information belonging to the user, such as his or her credit card number and related information.